scottk/chatwoot
1
0
Fork 0
mirror of https://github.com/lingble/chatwoot.git synced 2025-11-02 12:08:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: validate query conditions (#10595)

Browse Source 
Query conditions can take in arbitrary values, this can cause SQL
errors. This PR fixes it
This commit is contained in:
Shivam Mishra
2024-12-17 17:16:37 +05:30
committed by GitHub
parent e3109dbb22
commit b34dac7bbe
14 changed files with 119 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/controllers/api/v1/accounts/contacts_controller.rb
View File

@@ -68,6 +68,7 @@ class Api::V1::Accounts::ContactsController < Api::V1::Accounts::BaseController
@contacts = fetch_contacts(contacts)
rescue CustomExceptions::CustomFilter::InvalidAttribute,
CustomExceptions::CustomFilter::InvalidOperator,
CustomExceptions::CustomFilter::InvalidQueryOperator,
CustomExceptions::CustomFilter::InvalidValue => e
render_could_not_create_error(e.message)
end

1
app/controllers/api/v1/accounts/conversations_controller.rb
View File

@@ -46,6 +46,7 @@ class Api::V1::Accounts::ConversationsController < Api::V1::Accounts::BaseContro
@conversations_count = result[:count]
rescue CustomExceptions::CustomFilter::InvalidAttribute,
CustomExceptions::CustomFilter::InvalidOperator,
CustomExceptions::CustomFilter::InvalidQueryOperator,
CustomExceptions::CustomFilter::InvalidValue => e
render_could_not_create_error(e.message)
end